diff --git a/Assets/Mirror/Transports/SimpleWeb/Client/StandAlone/ClientHandshake.cs b/Assets/Mirror/Transports/SimpleWeb/Client/StandAlone/ClientHandshake.cs index 769df2484..a48b21c1b 100644 --- a/Assets/Mirror/Transports/SimpleWeb/Client/StandAlone/ClientHandshake.cs +++ b/Assets/Mirror/Transports/SimpleWeb/Client/StandAlone/ClientHandshake.cs @@ -28,8 +28,8 @@ public bool TryHandshake(Connection conn, Uri uri) byte[] keySumBytes = Encoding.ASCII.GetBytes(keySum); Log.Verbose($"[SimpleWebTransport] Handshake Hashing {Encoding.ASCII.GetString(keySumBytes)}"); - // SHA1 is the websocket standard: - // https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_servers#server_handshake_response + // SHA-1 is the websocket standard: + // https://www.rfc-editor.org/rfc/rfc6455 // we should follow the standard, even though SHA1 is considered weak: // https://stackoverflow.com/questions/38038841/why-is-sha-1-considered-insecure byte[] keySumHash = SHA1.Create().ComputeHash(keySumBytes); diff --git a/Assets/Mirror/Transports/SimpleWeb/Server/ServerHandshake.cs b/Assets/Mirror/Transports/SimpleWeb/Server/ServerHandshake.cs index e752ac14d..dc9c035a0 100644 --- a/Assets/Mirror/Transports/SimpleWeb/Server/ServerHandshake.cs +++ b/Assets/Mirror/Transports/SimpleWeb/Server/ServerHandshake.cs @@ -19,8 +19,8 @@ internal class ServerHandshake // this isn't an official max, just a reasonable size for a websocket handshake readonly int maxHttpHeaderSize = 3000; - // SHA1 is the websocket standard: - // https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_servers#server_handshake_response + // SHA-1 is the websocket standard: + // https://www.rfc-editor.org/rfc/rfc6455 // we should follow the standard, even though SHA1 is considered weak: // https://stackoverflow.com/questions/38038841/why-is-sha-1-considered-insecure readonly SHA1 sha1 = SHA1.Create();